We found installation simple enough: you start by entering basic network details using the appliance’s control pad and LCD panel. After we entered information about our DHCP and proxy servers, along with the SSL port number and account username and password, the appliance contacted Qualys and registered itself. From here on you don’t need to touch the appliance again, as you use the Qualys website to carry out all management, configuration and reporting.
From your own home page you can enter the IP addresses you want scanned, and the price of the service is determined by the number of addresses and scans required. Note that once entered you cannot change or delete the IP addresses yourself, so if you want to scan new machines you’ll have to purchase extra licenses.
You determine the type of scan from the ‘preferences’ tab, which offers full or partial scans and options for scanning the standard collection of around 1,800 TCP ports and adding additional port numbers. Five settings also determine the amount of network bandwidth the scan process is allowed to consume and the depth of scanning. The latter feature is where Qualys scores above and beyond the competition, as it uses an attack database which lists many thousands of weaknesses, and these are regularly updated whenever a new threat is identified. Any modifications are easily deployed, as the database is downloaded to the appliance along with your parameters every time a scan is initiated.
Even a brief glance at the scan results of our test network showed clearly how powerful the Qualys service is. Whereas ISS Internet Scanner 7.0 (IS7) spotted around a dozen security leaks or holes on some of our test servers, the Intranet Scanner found 129 vulnerabilities on only three Windows Server systems, and none of these were trivial as we had deliberately left them open to attack. Qualys had no problems identifying and scanning our Windows Server 2003 systems.
During testing of IS7 we discovered that not only was it unable to identify this OS correctly, it couldn’t scan it either. Qualys doesn’t worry so much about OS identification, but it certainly had no problems with this OS. Not only does the Intranet Scanner find vulnerabilities and threats, it advises on how to plug them as well. We were impressed with the extensive reporting tools provided on the website.
During testing we encountered no problems with the Intranet Scanner and found it extremely easy to use. The comparatively high price will limit its appeal for small and medium businesses, but it is undoubtedly a very sophisticated vulnerability scanning service that delivers a huge amount of easily accessible information about the state of your local network.
The trust factor is never more important than with network security products and services. Vulnerability scanning on local networks is only now receiving a high profile and many vendors are keen to jump on the bandwagon so caution is advised. However, despite its high price the Qualys alternative looks to be one of the most sophisticated and capable services of its kind.